May 12, 2017 is one of the most dreadful days of the year for cyber experts and its stakeholders. About 150 countries across the globe suffered a cyber-attack, affecting 200,000 computers.
It was the infamous “WannaCry” ransomware in which hackers locked people out of their computers, demanding a ransom of $300 in bitcoins. Medical care became inaccessible and factories were shut down for more than 2 days to minimize loss of confidential and further damage.
Here goes a brief on one of the most dangerous ransomware attacks in the Cyber-verse:
What is “WannaCry”?
“WannaCry” appears to have utilized a flaw in Microsoft’s software, discovered by the National Security Agency, which was quickly leaked by hackers. The malicious code that relied on the victims opening a zip file emailed to them, spread rapidly across networks locking away files one by one. From then on, the programme used Microsoft’s flaw to thrive.
Microsoft had released a security update which addressed the vulnerability in the sixteen year old Windows XP operating system, in March 2017. This update was exploited by the hackers to trigger the massive ransomware attack.
Who got affected?
Several computer networks worldwide were affected, including Telefonica as well as other major organizations in Spain. The British National Health Service (NHS), too, was forced to cancel scheduled patients.
FedEx, Deutsche Bahn, the Russian Interior Ministry and Russian telecom MegaFon were barred from normal operating services. According to Quartz the three bitcoin wallets used in the attack received just under 300 payments totalling a sum of 48.8635565 bitcoins, which is the equivalent of about $101,000.
What is a ransomware attack?
The term ‘ransomware’ appeared in 2005 in the US with the first notable biggest threats to security. While cyber experts maintain it to be 2005, the history of ransomware goes back to 1989.
According to Becker’s Hospital Review, the earliest ransomware attack occurred in 1989, targeting the healthcare industry. Tracing the same, the healthcare industry still remains a top target for such attacks even after twenty eight years.
Ransomware is a cyber-attack wherein hackers gain control over a computer system and block access to it until the demanded ransom is paid. Hackers get control of systems by downloading a type of malicious software onto a device within the network. This is usually done by getting a victim to click on download link by mistake. The link is normally attached with an email, which once opened, encrypts the hard drive. Once the software gets into the victim’s computer, it enables the hackers to launch an attack that locks all files it can find within that network.
The recent ‘WannaCry’, also known as Wanna Decryptor is a ransomware programme that locks all the available data in the system leaving the user with only instructions on what to do next and the Wanna Decryptor programme itself.
When the software is opened, it tells the users that the files on their computer have been encrypted. It then gives them a few days to pay up, warning that their files will otherwise be deleted. It generally gives them instructions to pay in Bitcoin, providing the Bitcoin address for it to be sent to.
What is the way out?
Larger organizations should ideally follow the guidelines provided by concerned institutions:
- Apply the latest Microsoft security patches for this particular flaw.
- Ensure all outgoing and incoming emails are scanned for malicious attachments.
- Ensure anti-virus programmes are up to date and conducting regular scans.
- Backup all key data and information.
- Organize education programmes on malware so employees can identify scams, malicious links or emails that may contain hazardous viruses.
- Run “penetration tests” against your network’s security at least once a year.
Many experts even suggested restoring all files from a backup. If that isn’t possible, there are tools that can decrypt and recover some information.
The post Why ‘WannaCry’ must be a lesson for all appeared first on Infosec Foundation.
Source: infoconglobal